Diffstat (limited to 'roles/pf')
-rw-r--r-- | roles/pf/templates/pf.conf.j2 | 20 |
1 files changed, 13 insertions, 7 deletions
diff --git a/roles/pf/templates/pf.conf.j2 b/roles/pf/templates/pf.conf.j2
index d39694d..6d67f4f 100644
--- a/roles/pf/templates/pf.conf.j2
+++ b/roles/pf/templates/pf.conf.j2
@@ -1,11 +1,10 @@
 {# pf ~~ templates/pf.conf.j2 #}
-
 # pf ~~ /etc/pf.conf
-# ========================= #
+# *
 # common config. by Ansible
-# ========================= #
+# *
 set block-policy drop
 set loginterface egress
@@ -17,15 +16,22 @@ block all
 pass in quick on egress proto {{ service["proto"] }} to port {{ service["port"] }}
 {% endfor %}
-# ====================== #
+# *
 # sub-config. by Ansible
-# ====================== #
+# *
+
+{% if hypervisor is defined and vms is defined %}
+# hypervisor network passthrough
+{% for i in range(vms | length + 5) %}
+set skip on tap{{ i }}
+{% endfor %}
+{% endif %}
 {% include "templates/" + inventory_hostname + "/etc/pf.conf.j2" ignore missing %}
-# ========================= #
+# *
 # out. interface by Ansible
-# ========================= #
+# *
 pass out quick inet
 pass in proto { icmp, icmp6 } all
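Review bot: The `{% for i in range(vms | length + 5) %}` loop in the second hunk turns pf off on tap interfaces that no declared VM owns, and the `+ 5` headroom is not explained anywhere in the template; a tap device that later lands in that numeric range is unfiltered without anyone revisiting pf.conf. Because `set skip` bypasses every rule, including whatever the per-host include just below it adds, the trust decision deserves a comment such as `# +5: spare tap devices for VMs not yet in inventory -- pf does NOT filter these`, or the count can be dropped in favour of the interface group, `set skip on tap`, which covers every tap device without a magic number (cloned interfaces normally join the group named after their driver, but confirm on the target hosts). Separately, the guard `{% if hypervisor is defined and vms is defined %}` also fires when inventory sets `hypervisor: false`; if `hypervisor` is meant as a boolean flag, `{% if hypervisor | default(false) and vms is defined %}` is the stricter test. The surrounding `block all` / `pass out quick inet` policy starts outside this hunk's visible context.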